Back to blog
Utilizing Big Data For Information Security Insights in 2016
Traditional approaches for collecting and correlating security data require analysts to spend days to weeks compiling it before
they are able to apply any analysis to determine if a security incident has occurred (typically 80% of their time is spent on data prep with only 20% spent on actual analysis). At the pace of business today, and the ever evolving cybersecurity threat landscape, taking days or weeks to surface a security related issue can be catastrophic to an organization in terms of its material impact to its brand and finances.
Gartner predicts that by 2020, 40 percent of enterprises will have established a “security data warehouse” for the storage of this monitoring data to support retrospective analysis. With an exploding volume of security data organizations are struggling to be able to make real-time decisions regarding cybersecurity risk. Conventional approaches (SIEM & log file analysis) requires data to be stored in a database and then queries are run after the fact to detect or determine the cause of problems. Organizations are fast realizing that the time lost in this process results in a reactive security stance that is often far too late.
Big data technologies are changing the way we detect and understand cybersecurity events that are impacting our organizations by improving situational awareness in real-time. The promise of using big data analytics is based on a faster and more effective way to aggregate and correlate multiple sources of large volumes of security data to detect anomalies and suspicious activities across financial transactions, user access or file movements of highly sensitive data (such as personally identifiable data or corporate intellectual property or confidential financial or legal data), or changes to application/system master configuration settings.